|
301651
|
- |
|
moodle
|
moodle
|
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription re…
|
CWE-16
Configuration
|
CVE-2012-3392
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301652
|
- |
|
moodle
|
moodle
|
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3391
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301653
|
- |
|
moodle
|
moodle
|
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3390
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301654
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3389
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301655
|
- |
|
moodle
|
moodle
|
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3388
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301656
|
- |
|
moodle
|
moodle
|
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrict…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3387
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301657
|
- |
|
symantec
|
web_gateway
|
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2977
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301658
|
- |
|
symantec
|
web_gateway
|
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" is…
|
CWE-78
OS Command
|
CVE-2012-2976
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301659
|
- |
|
symantec
|
web_gateway
|
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2012-2961
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301660
|
- |
|
symantec
|
web_gateway
|
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2957
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
